1. Field of the Invention
The present invention relates to a technique for recovering a password that has been forgotten.
2. Description of the Related Art
In recent years, as network services have come into wide use, users have been able to receive various kinds of services. Most of those services request that each user input a password. The services use passwords to verify whether a person trying to receive a particular service is in fact the user himself/herself, but users sometimes forget their passwords. In a mail system provided by an administrator on the Internet, when a user has forgotten the password, the user transmits data, other than the password, with which the user can be identified. When the administrator has authenticated from that data that the requester is the user himself/herself, the administrator allows the password to be recovered and either presents the password to the user or prompts the user to change the password to a new one.
In addition to the method mentioned above, Japanese Unexamined Patent Application Publication No. 10-187903 discloses an IC memory card, and a system using the IC memory card, in which a user is allowed to easily cancel his/her password when it has been forgotten, and in which the setting and validity of the password are not lost even after it is cancelled. In this system, when a password has been forgotten and the user performs predetermined key operations, a canceling data character string is displayed based on information from the time the password was set, e.g., the date, the serial number of the system, the serial number of the IC memory card and/or the remaining memory size. A canceling key character string is then generated from the displayed canceling data character string. When the canceling key character string is supplied to the IC memory card, the data recorded on the IC memory card can be read.
Both of these prior-art techniques have security problems, however: a third party who does not know the user's password may be able to obtain the means for recovering the password, such as the information that identifies the user or the information on the key operations, and then recover the password in order to “spoof” the user or to obtain or tamper with the data owned by the user using the recovered password.